Family invites (#1397)

* Initial pass at household invites * Invitee setup * Clean up add member form * Lint and other tweaks * Security cleanup * Lint * i18n fixes * More i18n cleanup * Show pending invites * Don't use turbo on the form * Improved email design * Basic tests * Lint * Update onboardings_controller.rb * Registration + invite cleanup * Lint * Update brakeman.ignore * Update brakeman.ignore * Self host invite links * Test tweaks * Address missing param error
2025-08-05 21:45:23 +02:00 · 2024-11-01 10:23:27 -05:00 · 2024-11-01 10:23:27 -05:00 · 793bd852a0
commit 793bd852a0
parent 09b269273a
26 changed files with 502 additions and 45 deletions
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -38,7 +38,7 @@
          "type": "controller",
          "class": "AccountsController",
          "method": "show",
-          "line": 39,
+          "line": 36,
          "file": "app/controllers/accounts_controller.rb",
          "rendered": {
            "name": "accounts/show",
@ -72,7 +72,7 @@
          "type": "controller",
          "class": "AccountsController",
          "method": "show",
-          "line": 39,
+          "line": 36,
          "file": "app/controllers/accounts_controller.rb",
          "rendered": {
            "name": "accounts/show",
@ -91,6 +91,29 @@
      ],
      "note": ""
    },
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 105,
+      "fingerprint": "aaccd8db0be34afdc88e5af08d91ae2e8b7765dfea2f3fc6e1c37db0adc7b991",
+      "check_name": "PermitAttributes",
+      "message": "Potentially dangerous key allowed for mass assignment",
+      "file": "app/controllers/invitations_controller.rb",
+      "line": 34,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.require(:invitation).permit(:email, :role)",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "InvitationsController",
+        "method": "invitation_params"
+      },
+      "user_input": ":role",
+      "confidence": "Medium",
+      "cwe_id": [
+        915
+      ],
+      "note": ""
+    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 2,
@ -140,7 +163,7 @@
          "type": "controller",
          "class": "AccountsController",
          "method": "show",
-          "line": 39,
+          "line": 36,
          "file": "app/controllers/accounts_controller.rb",
          "rendered": {
            "name": "accounts/show",
@ -194,6 +217,6 @@
      "note": ""
    }
  ],
-  "updated": "2024-10-17 11:30:15 -0400",
-  "brakeman_version": "6.2.1"
+  "updated": "2024-11-01 09:36:40 -0500",
+  "brakeman_version": "6.2.2"
 }
--- a/config/locales/mailers/invitation_mailer/en.yml
+++ b/config/locales/mailers/invitation_mailer/en.yml
@ -0,0 +1,8 @@
+en:
+  invitation_mailer:
+    invite_email:
+      subject: "%{inviter} has invited you to join their household on Maybe!"
+      greeting: "You've been invited!"
+      body: "%{inviter} has invited you to join their household '%{family}' as a %{role}."
+      accept_button: "Accept Invitation"
+      expiry_notice: "This invitation will expire in %{days} days."
--- a/config/locales/views/invitation_mailer/en.yml
+++ b/config/locales/views/invitation_mailer/en.yml
@ -0,0 +1,7 @@
+en:
+  invitation_mailer:
+    invite_email:
+      greeting: "Welcome to Maybe!"
+      body: "%{inviter} has invited you to join the %{family} family on Maybe!"
+      accept_button: "Accept Invitation"
+      expiry_notice: "This invitation will expire in %{days} days"
--- a/config/locales/views/invitations/en.yml
+++ b/config/locales/views/invitations/en.yml
@ -0,0 +1,14 @@
+en:
+  invitations:
+    create:
+      success: "Invitation sent successfully"
+      failure: "Could not send invitation"
+    new:
+      title: Invite Someone
+      subtitle: Send an invitation to join your family account on Maybe
+      email_placeholder: Enter email address
+      email_label: Email Address
+      role_member: Member
+      role_admin: Administrator
+      role_label: Role
+      submit: Send Invitation
--- a/config/locales/views/registrations/en.yml
+++ b/config/locales/views/registrations/en.yml
@ -9,12 +9,15 @@ en:
        create: Continue
  registrations:
    create:
-      failure: Invalid input, please try again.
      invalid_invite_code: Invalid invite code, please try again.
      success: You have signed up successfully.
    new:
      submit: Create account
-      title: Create an account
+      title: Create your account
+      join_family_title: "Join %{family}"
+      invitation_message: "%{inviter} has invited you to join as a %{role}"
+      role_member: "member"
+      role_admin: "administrator"
      welcome_body: To get started, you must sign up for a new account.  You will
        then be able to configure additional settings within the app.
      welcome_title: Welcome to Self Hosted Maybe!
--- a/config/locales/views/settings/en.yml
+++ b/config/locales/views/settings/en.yml
@ -41,6 +41,7 @@ en:
        theme_title: Theme
    profiles:
      show:
+        invite_member: "Add member"
        confirm_delete:
          body: Are you sure you want to permanently delete your account? This action
            is irreversible.
@ -60,6 +61,8 @@ en:
        profile_subtitle: Customize how you appear on Maybe
        profile_title: Profile
        save: Save
+        pending: Pending
+        invitation_link: Invitation link
    user_avatar_field:
      accepted_formats: JPG or PNG. 5MB max.
      choose: Choose
--- a/config/routes.rb
+++ b/config/routes.rb
@ -111,6 +111,10 @@ Rails.application.routes.draw do
    resources :exchange_rate_provider_missings, only: :update
  end

+  resources :invitations, only: [ :new, :create ] do
+    get :accept, on: :member
+  end
+
  # For managing self-hosted upgrades and release notifications
  resources :upgrades, only: [] do
    member do